iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

Planning the iTP Secure WebServer PATHMON Environment
iTP Secure WebServer System Administrator’s Guide 523346-002
3-7
Common Gateway Interface (CGI) Application Security Considerations
The system administrator must consider the user ID that will configure and start the iTP Secure WebServer environment. The user ID determines the security restrictions for the server classes within the environment. CGI programs and scripts are spawned by the generic-cgi.pway server class, so the user ID under which that server class runs is the user ID whose rights every spawned CGI process receives. The owner (user ID) of the generic-cgi.pway process is determined as follows:

If the iTP Secure WebServer environment is started by the super ID, the spawned CGI process inherits the rights of this ID and has access to any and all system functions. If you are allowing users to write and execute their own CGI-type programs, this behavior is not desirable.

If the environment is started by the super ID, the spawned CGI process inherits the restrictions placed upon super ID users.

If the environment is started by a non-super ID, the CGI program is restricted by the security of that user ID.
Pathway CGI Server Class Considerations
A Pathway CGI application inherits its user ID from the iTP Secure WebServer environment, and has the same considerations as a generic-CGI application.
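The following script is an added example and is not code from the iTP Secure WebServer guide or product. It illustrates the identity-inheritance point made for both generic-CGI and Pathway CGI server classes above: a CGI script that reports the user ID it actually runs under (so you can confirm after start-up which ID the environment was started with), plus a pre-start guard that refuses to launch the environment as a super ID, so user-written CGI programs cannot inherit unrestricted system rights. Assumptions not taken from the guide: on NonStop OSS the super ID 255,255 maps to UID 65535 (group*256 + member), and on a conventional Unix host the equivalent is root, UID 0; the cgi-bin file name is a hypothetical deployment location.

```shell
#!/bin/sh
# Added example; not code from the iTP Secure WebServer guide or product.
# Two pieces: a CGI script that reports the identity it really runs under,
# and a guard, run before starting the PATHMON environment, that refuses to
# start as a super ID so that spawned CGI programs cannot inherit its rights.
#
# Assumptions (not from the guide): on NonStop OSS the super ID 255,255 maps
# to UID 65535 (group*256 + member); on a conventional Unix host the equivalent
# is root, UID 0. Both are rejected. The cgi-bin path named below is hypothetical.

# Return 0 if UID $1 may safely own the generic-cgi.pway server class,
# 1 if it is a super ID (or not a numeric UID at all).
uid_ok_for_cgi() {
    case "$1" in
        0|65535)     return 1 ;;   # root / SUPER.SUPER: every CGI would get full system access
        ''|*[!0-9]*) return 1 ;;   # not a numeric UID
        *)           return 0 ;;
    esac
}

# Minimal CGI response showing the effective identity of the process.
# Deploy as, for example, cgi-bin/whoami.sh and request it once after start-up:
# the UID it reports is the one the PATHMON environment was started with.
whoami_cgi() {
    printf 'Content-Type: text/plain\r\n\r\n'
    printf 'effective uid: %s\n' "$(id -u)"
    printf 'effective gid: %s\n' "$(id -g)"
    printf 'user name:     %s\n' "$(id -un)"
}

# Pre-start guard: call this from the script that starts the environment and
# abort the start if it returns non-zero.
check_start_identity() {
    uid="$(id -u)"
    if uid_ok_for_cgi "$uid"; then
        echo "OK: starting as uid $uid; CGI processes will be limited to this ID's rights"
        return 0
    fi
    echo "REFUSING: uid $uid is a super ID; CGI programs would inherit full system access" >&2
    return 1
}

# Dispatch: when invoked by the web server as a CGI (GATEWAY_INTERFACE is set
# by CGI/1.1), answer the request; when run as "sh whoami.sh --check" from the
# start-up script, act as the guard.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    whoami_cgi
elif [ "${1:-}" = "--check" ]; then
    check_start_identity
fi
```

The guard only looks at the numeric UID, which is what both the generic-cgi.pway and Pathway CGI server classes inherit; it does not replace the restrictions that the guide says the chosen non-super ID imposes, it simply makes sure you are not starting from the one ID that has none.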
Other Security Considerations
In addition to the security of the PATHMON environment, the system administrator should consider the following security requirements before installing the iTP Secure WebServer:

Protecting the Key Database File on page 3-7
Protecting the Server Password on page 3-8
Protecting Core Dumps on page 3-8
Protecting Transmission of Key Database Files and Core Dumps on page 3-9
Protecting the Key Database File
The key database file is the file you specify in commands such as keyadmin and in the KeyDatabase configuration directive. It contains private keys and public key certificates.

The key database file contains sensitive information that must be protected. The iTP Secure WebServer protects the database by encrypting it, and by requiring a password to access it (decrypt it).
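The guide's protection of the key database file is the file's own encryption and the password needed to decrypt it. A practitioner will also want operating-system access control on the file itself, so that an attacker who cannot read the file never gets the chance to attack the password. The following check is an added example, not code from the guide or the product: it verifies that the file named in the KeyDatabase directive is owned by the expected administrative user and carries no group or world permission bits. The file path and owner name are assumptions supplied by the caller; the check uses ls -ld rather than stat so it runs under any POSIX shell, including the OSS shell.

```shell
#!/bin/sh
# Added example; not code from the iTP Secure WebServer guide or product.
# Pre-start check on the key database file (the file named in the KeyDatabase
# directive and in keyadmin commands): it must be owned by the server's
# administrative user and readable by nobody else. Path and owner are
# assumptions passed in by the caller.

# Return 0 if file $1 has no group or other permission bits, 1 otherwise.
# ls -ld prints e.g. "-rw------- 1 owner group ..."; characters 5-10 are the
# group and other bits. Used instead of stat for portability to OSS.
keydb_mode_ok() {
    mode="$(ls -ld "$1" 2>/dev/null | cut -c5-10)"
    [ "$mode" = "------" ]
}

# Return 0 if file $1 is owned by user $2 (third field of ls -ld), 1 otherwise.
keydb_owner_ok() {
    owner="$(ls -ld "$1" 2>/dev/null | awk '{print $3}')"
    [ "$owner" = "$2" ]
}

# Run both checks on key database $1 with expected owner $2.
# Returns 0 when the file is acceptable, 1 on a permission or ownership
# problem, 2 when the file does not exist (a misconfigured KeyDatabase
# directive should fail loudly rather than start a server with no keys).
check_keydb() {
    f="$1"
    want_owner="$2"
    rc=0
    if [ ! -f "$f" ]; then
        echo "MISSING: key database $f does not exist; check the KeyDatabase directive" >&2
        return 2
    fi
    if ! keydb_mode_ok "$f"; then
        echo "FAIL: $f is readable by group or others; run: chmod 600 $f" >&2
        rc=1
    fi
    if ! keydb_owner_ok "$f" "$want_owner"; then
        echo "FAIL: $f is not owned by $want_owner" >&2
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $f is owner-only and owned by $want_owner"
    fi
    return "$rc"
}

# Usage from a start-up script (path and owner are hypothetical):
#   check_keydb /usr/tandem/webserver/conf/keydb webadmin || exit 1
```

Tightening the file mode is cheap and independent of the password; it also narrows who can copy the encrypted file off the system, which is the concern the later "Protecting Transmission of Key Database Files and Core Dumps" section addresses.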